Title: insecure_cookies Vulnerability on DELETE:/api/v1/orgs/{id}
Project: NB 58
Description:
Assertion
Overview: Cookies are commonly used to conveniently store information client side, such as for API authentication. If used with insecure settings they can be used as an attack vector and a source of data leaks. This category checks the cookies are set to only be allowed over a secure connection and they cannot be accessed by client side javascript. The secure connection keeps them from being intercepted. Not allowing javascript to read the values will help keep malicious websites from harvesting the cookie data.
Title: insecure_cookies Vulnerability on DELETE:/api/v1/orgs/{id} Project: NB 58 Description:
Assertion
Overview: Cookies are commonly used to conveniently store information client side, such as for API authentication. If used with insecure settings they can be used as an attack vector and a source of data leaks. This category checks the cookies are set to only be allowed over a secure connection and they cannot be accessed by client side javascript. The secure connection keeps them from being intercepted. Not allowing javascript to read the values will help keep malicious websites from harvesting the cookie data.
Severity: Medium API Endpoint: http://netbanking.apisec.ai:8080/api/v1/orgs/FymlDAoR Environment: Master Playbook: ApiV1OrgsIdDeleteInsecureCookies Researcher: Default
QUICK TIPS
Suggestion: Effort Estimate: null Hrs Wire Logs:
IMPORTANT LINKS
Vulnerability Details: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc81e585bef95e0185c869cbbe1895/details
Project: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard
Environment: https://cloud.apisec.ai/#/app/config-environments/projects/8adc80ec84e1cb220184e5f27d494dfb/environmentList
Scan Dashboard: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/profiles/8adc80eb84e1c98e0184e5f2a02953c6/runs/8adc823d85bef6cb0185c869930d41f6
Playbook: https://cloud.apisec.ai/#/app/projects/8adc80ec84e1cb220184e5f27d494dfb/playbooks/ApiV1OrgsIdDeleteInsecureCookies
Coverage: https://cloud.apisec.ai/#/app/config-categories/projects/8adc80ec84e1cb220184e5f27d494dfb/categories
Code Sample: https://cloud.apisec.ai/#/app/vulnerabilities/projects/8adc80ec84e1cb220184e5f27d494dfb/dashboard/8adc81e585bef95e0185c869cbbe1895/codesamples
PS: Please contact support@apisec.ai for apisec access and login issues.
--- apisec Bot ---